DAY2™ adheres to a least-privileged permission model throughout all platform operations. Our goal is to ensure that our customers have complete control over the permissions they grant and to limit the scope of our access to each operation.
In DAY2™, we create a specific role with the bare minimum permissions and Service Principal/App Registration for the resource discovery. The custom RBAC roles that are associated with the Service Principal in your Azure subscription have the least necessary permissions.
These roles are created in your Azure subscription for Resource Discovery (Initial Resource Discovery and Real-Time Resource Discovery).
Described below are the custom RBAC permissions assigned to the service principal in the subscription.
Reader Role
Azure inbuilt Reader role that reads all the resources inside the subscription.Custom Role
Resource Group
Read/Write resource groups in the Subscription.Event Grid
Read/Write event grid in the Subscription.Event Subscription
Read/Write Event in the Subscription.Logic Apps
Read/Write in the Subscription.Web App
Read/Write Connections and Connection Gateways in the Subscription.Microsoft.Authorization
Read - Role assignments and Role Definition in the Subscription.
For granular details of permissions for each of these areas, contact us at [email protected].